support.mozilla.org reflected xss

RESOLVED DUPLICATE of bug 1223970

Status

RESOLVED DUPLICATE of bug 1223970
3 years ago
3 years ago

People

(Reporter: muratyilmazlar1, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Build ID: 20151029151421

Steps to reproduce:

I entered support.mozilla.org and tried few xss vectors on search bar such as <script>alert(1)</script>

And when i entered my fav. payload which is this: '"><svg/onload=confirm(document.domain)>

I gave this alert: http://prntscr.com/92sold


Actual results:

It gaves me alert : support.mozilla.org


Expected results:

I expected the have this alert and i had it. Here is reflected xss alert on support.mozilla.org
It's in the progress of being fixed now. Thank you for reporting it!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1223970
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security
You need to log in before you can comment on or make changes to this bug.